CVE-2021-46828

Published: 20 July 2022

In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.

Notes

Author: amurray
Note: ntirpc is forked from libtirpc so shares a lot of code
Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
libtirpc
bionic Not vulnerable (code not present)
focal Released (1.2.5-1ubuntu0.1)
impish Ignored (reached end-of-life)
jammy Released (1.3.2-2ubuntu0.1)
trusty Not vulnerable (code not present)
upstream Released (1.3.3rc1)
xenial Not vulnerable (code not present)
Patches:
upstream: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=86529758570cef4c73fb9b9c4104fdc510f701ed
ntirpc
bionic Not vulnerable (code not present)
focal Not vulnerable (code not present)
impish Ignored (reached end-of-life)
jammy Not vulnerable (code not present)
trusty Does not exist
upstream Needs triage
xenial Ignored (end of standard support)